diff --git a/TODO.md b/TODO.md
index 914184a2..1e3b9e4f 100644
--- a/TODO.md
+++ b/TODO.md
@@ -435,6 +435,8 @@ mkhomedir_helper or create ssh homes with bash.rc and such
 
 # upgrade to django 1.9 and make margins wider
 # lets encrypt: DNS vs HTTP challange
+# lets enctypt: autorenew
+# lets encrypt: websites without / content
 
 # Warning websites with ssl options without https protocol
 
diff --git a/orchestra/conf/project_template/project_name/settings.py b/orchestra/conf/project_template/project_name/settings.py
index df1b6b82..639bc335 100644
--- a/orchestra/conf/project_template/project_name/settings.py
+++ b/orchestra/conf/project_template/project_name/settings.py
@@ -49,6 +49,7 @@ INSTALLED_APPS = [
     'orchestra.contrib.lists',
     'orchestra.contrib.webapps',
     'orchestra.contrib.websites',
+    'orchestra.contrib.letsencrypt',
     'orchestra.contrib.databases',
     'orchestra.contrib.vps',
     'orchestra.contrib.saas',
diff --git a/orchestra/contrib/letsencrypt/actions.py b/orchestra/contrib/letsencrypt/actions.py
index 52118506..d8c492e8 100644
--- a/orchestra/contrib/letsencrypt/actions.py
+++ b/orchestra/contrib/letsencrypt/actions.py
@@ -1,5 +1,6 @@
 from django.contrib import messages, admin
 from django.template.response import TemplateResponse
+from django.utils.safestring import mark_safe
 from django.utils.translation import ungettext, ugettext_lazy as _
 
 from orchestra.contrib.orchestration import Operation, helpers
@@ -75,16 +76,20 @@ def letsencrypt(modeladmin, request, queryset):
                     messages.success(request, msg.format(**context))
                 if no_https:
                     msg = ungettext(
-                        _("{name} website does not have HTTPS protocol enabled."),
-                        _("{no_https} websites do not have HTTPS protocol enabled."),
+                        _("{name} website does not have <b>HTTPS protocol</b> enabled."),
+                        _("{no_https} websites do not have <b>HTTPS protocol</b> enabled."),
                         no_https)
-                    messages.warning(request, msg.format(**context))
+                    messages.warning(request, mark_safe(msg.format(**context)))
                 return
     opts = modeladmin.model._meta
     app_label = opts.app_label
     context = {
         'title': _("Let's encrypt!"),
         'action_name': _("Encrypt"),
+        'content_message': _("You are going to request certificates for the following domains.<br>"
+            "This operation is safe to run multiple times, "
+            "existing certificates will not be regenerated. "
+            "Also notice that let's encrypt does not currently support wildcard certificates."),
         'action_value': action_value,
         'queryset': queryset,
         'opts': opts,